Frequently Asked Questions

The AWS European Sovereign Cloud is an independent cloud for Europe, designed to help public sector organisations and customers in highly regulated industries meet their evolving sovereignty needs. The AWS European Sovereign Cloud is the only fully-featured, independently operated sovereign cloud, backed by strong technical controls, sovereign assurances and legal protections. We’ve designed the AWS European Sovereign Cloud to be separate and independent from our existing AWS Regions, with infrastructure located wholly within the European Union (EU), with the same security, availability and performance that our customers get from existing AWS Regions today. As with all current Regions, customers using the AWS European Sovereign Cloud will benefit from the full power of AWS with the same familiar architecture, expansive service portfolio and APIs that millions of customers use today.

To deliver enhanced operational autonomy and resilience within the EU, only personnel who are EU residents, located in the EU, have control of day-to-day operations, including access to the data centres, technical support and customer service of the AWS European Sovereign Cloud. We are gradually transitioning the AWS European Sovereign Cloud to be operated exclusively by EU citizens located in the EU. During this transition period we will continue to work with a blended team of EU residents and EU citizens located in the EU. 

The first AWS Region of the AWS European Sovereign Cloud is located in the State of Brandenburg, Germany. We have also announced plans to extend the AWS European Sovereign Cloud footprint from Germany across the EU to support stringent isolation, in-country data residency, and low latency requirements. This will start with new AWS Local Zones located in Belgium, the Netherlands, and Portugal.

The AWS European Sovereign Cloud is open to all customers, including customers who, due to seeking enhanced data residency and operational autonomy, have either not been able to begin their cloud journey yet or not been able to move some of their more sensitive workloads to the clouds.

The AWS European Sovereign Cloud infrastructure is entirely located within the EU, physically and logically separate from other AWS Regions, and operates as an independent cloud for Europe. AWS is committed to independent and continuous operations; the AWS European Sovereign Cloud has no critical dependencies on non-EU infrastructure.

In addition to independent infrastructure, there is zero operational access outside of EU borders, providing operational autonomy and enhanced data residency. The AWS European Sovereign Cloud is operated entirely by EU residents, located in the EU. We are gradually transitioning the AWS European Sovereign Cloud to be operated exclusively by EU citizens located in the EU. Only AWS employees, residing in the EU, will control day-to-day operations, including access to data centres, technical support and customer service for the AWS European Sovereign Cloud.

The AWS European Sovereign Cloud provides customers with the capability to meet stringent operational autonomy and data residency requirements. Consider the AWS European Sovereign Cloud for workloads that require enhanced sovereignty controls, including those with specific requirements for data residency and operational control within the EU. To deliver enhanced data residency and operational control, the AWS European Sovereign Cloud infrastructure is operated independently from other AWS Regions. To assure independent operation of the AWS European Sovereign Cloud, only personnel who are EU residents, located in the EU, have control of day-to-day operations, including access to data centres, technical support and customer service. We are gradually transitioning the AWS European Sovereign Cloud to be operated exclusively by EU citizens located in the EU.

For other workloads, millions of companies around the world rely and trust existing AWS Regions to host their most-sensitive and regulated data in the cloud. The AWS Global Cloud Infrastructure is a secure, extensive and reliable cloud infrastructure, offering over 200 fully featured services from data centres globally.

The AWS European Sovereign Cloud is a fully-featured cloud offering the expansive service portfolio and capabilities that customers use across AWS today. When launching a new AWS Region, we start with core services needed to support critical workloads and applications, then continue to expand based on customer and partner demand.

Visit AWS Capabilities by Region for the complete list of available services in the AWS European Sovereign Cloud and our services roadmap.

No, customers who have an existing AWS account need to create a new account to use the AWS European Sovereign Cloud. Accounts for the AWS European Sovereign Cloud are independent and not interoperable with other AWS Regions.

No, there are no special requirements to sign up for an account or use the AWS European Sovereign Cloud.

Yes, AWS provides a wide range of resources, programs and AWS Partners to help customers adopt the cloud effectively. From lifting and shifting workloads to migrating entire data centres, customers get the organisational, operational and technical capabilities needed for a successful migration to AWS. For example, we offer the AWS Cloud Adoption Framework (AWS CAF) to provide best practices for organisations to develop an efficient and effective plan for cloud adoption, and AWS Migration Hub to help assess migration needs, define migration and modernisation strategy, and leverage automation.

Cost-management tooling, bills and the console interface will provide a euro currency (EUR) experience. Depending on the customers’ location, they will also be able to make payments in EUR or their preferred currency.

To ensure a consistent experience for all European customers, the AWS contracting party for all AWS accounts in the AWS European Sovereign Cloud associated with a customer location in the EU will be Amazon Web Services EMEA SARL (‘AWS Europe’), with its principal place of business in Luxembourg. Please see the AWS European Sovereign Cloud Addendum for details on the contractual commitments that AWS makes for customers using the AWS European Sovereign Cloud.

Yes, AWS makes additional contractual commitments in the AWS European Sovereign Cloud Addendum reflecting the enhanced data residency and operational control of the AWS European Sovereign Cloud. These commitments automatically apply to any customer using the AWS European Sovereign Cloud via their AWS European Sovereign Cloud Account.

You can learn more about the design of the AWS European Sovereign Cloud in our published white paper, the Overview of the AWS European Sovereign Cloud.

The management team leading the new parent company of the AWS European Sovereign Cloud includes the managing directors and a government security and privacy official, who will all be EU citizens residing in the EU. The management team includes Stéphane Israël and Stefan Hoechbauer, both EU citizens residing in the EU and experienced business leaders, strengthening the operational autonomy of the AWS European Sovereign Cloud. AWS established an independent advisory board for the AWS European Sovereign Cloud, legally obligated to act in the best interest of the AWS European Sovereign Cloud. Reinforcing the sovereign control of the AWS European Sovereign Cloud, the advisory board will consists of five members, all EU citizens residing in the EU, including at least two independent board members who are not affiliated with Amazon. The advisory board will act as a source of expertise and provide accountability on sovereignty-related aspects of the AWS European Sovereign Cloud operations, including strong security and access controls and the ability to operate independently in the event of disruption.

Find out more by visiting our governance page.

Yes, the first region of the AWS European Sovereign Cloud in Germany is operated by entities established in Germany under German corporate law specifically for this purpose. At the outset, the AWS European Sovereign Cloud’s entity structure includes:

1. AWS European Sovereign Cloud Development Centre GmbH that employs AWS European Sovereign Cloud personnel responsible for operating AWS European Sovereign Cloud services;
2. Amazon Data Services European Sovereign Cloud GmbH that owns and operates the underlying AWS European Sovereign Cloud infrastructure;
3. Amazon European Sovereign Cloud Trust Services GmbH to hold the relevant trust certificates;
4. AWS European Sovereign Cloud GmbH, the parent company for the above three entities.

In October 2025, Stéphane Israël was appointed as the Managing Director of the AWS European Sovereign Cloud. He drives the company's digital sovereignty efforts with extensive experience in European technology. In his new role, Stéphane is responsible for the management and operations of the AWS European Sovereign Cloud, including infrastructure, technology and services, as well as leading AWS's global digital sovereignty efforts. Based in Germany, he works alongside Stefan Hoechbauer, Managing Director for AWS Global Sales Germany and Europe Central and the AWS European Sovereign Cloud. Stefan, appointed as managing director in January 2026, acts as a source of expertise on sovereignty-related aspects of operations. Both leaders are required to act in the interests of the AWS European Sovereign Cloud GmbH legal entity.

It's common practice across Amazon to appoint two managing directors for key positions. Stefan Hoechbauer and Stéphane Israël work alongside each other, leading different aspects of the AWS European Sovereign Cloud. Stéphane manages and leads operations for the AWS European Sovereign Cloud while Stefan, who is Managing Director for AWS Global Sales Germany and Europe Central oversees decisions related to corporate governance and compliance. Both will act in the best interest of the AWS European Sovereign Cloud GmbH.

The AWS European Sovereign Cloud infrastructure is entirely located within the EU, physically and logically separate from other AWS Regions, and operates as an independent cloud for Europe. With a commitment to independent and continuous operations, the AWS European Sovereign Cloud has no critical dependencies on non-EU infrastructure. There is zero operational control outside of EU borders; the AWS European Sovereign Cloud is operated entirely by residents of Europe. Only AWS employees, residing in the EU, will control day-to-day operations, including access to data centres, technical support and customer service for the AWS European Sovereign Cloud. We are gradually transitioning the AWS European Sovereign Cloud to be operated exclusively by EU citizens located in the EU. During this transition period, we will continue to work with a blended team of EU residents and EU citizens located in the EU. 

The AWS European Sovereign Cloud has dedicated networking infrastructure and connectivity from European providers, as well as sovereign Points of Presence for direct network connection to the AWS European Sovereign Cloud, via AWS Direct Connect, allowing customers to have an autonomous connection to the AWS European Sovereign Cloud. The AWS European Sovereign Cloud has its own dedicated Amazon Route 53, providing customers with a highly available and scalable Domain Name System (DNS), domain name registration, and health-checking web services. The Route 53 name servers for the AWS European Sovereign Cloud only uses European Top Level Domains (TLDs) for their own names.

The AWS European Sovereign Cloud is operated only by personnel who are European Union (EU) residents located in the EU, subject to EU law. Based on evolving customer requirements for digital sovereignty in Europe, we are adding EU citizenship to our hiring requirements for AWS European Sovereign Cloud employees operating the cloud. Our EU citizen personnel will work from EU locations subject to EU law, as before.

The AWS European Sovereign Cloud is designed to provide customers with an autonomous cloud that operates independently in Europe, for Europe. Replicating a broadly practised mitigation mechanism that is established in EU institution and government hiring practices, operational control and access will be restricted to EU citizens located in the EU to ensure that all operators have enduring ties to the EU and to meet the needs of our customers and partners.

To assure independent operation of the AWS European Sovereign Cloud, these hiring requirements apply to personnel who have control of day-to-day operations, including access to data centres, technical support and customer service. As we make this change, we will continue to work as a blended team of EU residents and EU citizens, with all personnel working from EU locations, before gradually completing our transition to EU citizen operations for the AWS European Sovereign Cloud.

An AWS Region is a physical geographical location where we have a cluster of data centres. Each Region is made up of separate and discrete locations known as Availability Zones (AZs), which refer to data centre infrastructure in separate and distinct geographical locations with enough distance to significantly reduce the risk of a single event impacting availability, yet near enough for business continuity applications that require rapid failover. Each AZ has independent power, cooling and physical security, and is connected to national backbone networks via high-speed fibre-optic networks.

AWS builds data centres in multiple geographical regions as well as across multiple Availability Zones within each region to offer maximum resiliency against system disruptions. AWS designs its data centres with significant excess bandwidth connections so that if a major disruption occurs, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites, minimising the impact on customers.

Though separate, the AWS European Sovereign Cloud will offer the same industry-leading architecture built for security and availability as other AWS Regions. This will include multiple Availability Zones (AZs), infrastructure that is placed in separate and distinct geographic locations, with enough distance to significantly reduce the risk of a single event impacting customers’ business continuity. Each AZ will have multiple layers of redundant power and networking to provide the highest level of resiliency. All AZs in the AWS European Sovereign Cloud will be interconnected with fully redundant, dedicated metro fibre, providing high-throughput, low-latency networking between AZs. All traffic between AZs will be encrypted.

Customers who need more options to address stringent isolation and in-country data residency needs will be able to leverage AWS Dedicated Local Zones or AWS Outposts to deploy AWS European Sovereign Cloud infrastructure in locations they select.

Yes, we have announced plans to add AWS Local Zones in Belgium, the Netherlands, and Portugal. These Local Zones will be connected to the AWS European Sovereign Cloud German Region using the Amazon redundant and very high-bandwidth private network, giving applications running in Local Zones fast, secure, and seamless access to the rest of AWS services. In addition, customers will be able to use AWS Dedicated Local Zones and AWS Outposts to further extend the AWS European Sovereign Cloud infrastructure to locations they select, including their own on-premises data centres.

AWS Local Zones are infrastructure deployments that extend AWS services to metro areas around the world, allowing customers to use select AWS services, such as compute and storage services, in specific geographic locations to meet low-latency and data residency requirements. Local Zones are also connected to the parent Region using the Amazon redundant and very high-bandwidth private network, giving applications running in Local Zones fast, secure, and seamless access to the rest of AWS services. To ensure that a jurisdiction’s unique data residency requirements are met, we recommend customers work closely with their compliance and security teams for confirmation. Local Zones in Belgium, the Netherlands, and Portugal follow the AWS European Sovereign Cloud operational model, with day-to-day operations including access to data centres, technical support, and customer services provided by local personnel.

AWS Dedicated Local Zones are infrastructure that is fully managed and operated by AWS and configured for your exclusive use to help meet your specific regulatory requirements. Dedicated Local Zones can be placed in countries and jurisdictions wherever you choose, whether in a customer- specified data centre or in AWS sites, and offer additional security and governance features to help monitor and control access so that you can easily meet data isolation, in-country data residency, and compliance requirements. This private infrastructure provides controlled multi-tenancy features to restrict access to resources to select users that you choose. With Dedicated Local Zones, you can benefit from the features of the cloud, such as elasticity, scalability, and pay-as-you-grow pricing, so that you can innovate faster. Dedicated Local Zones follow the AWS European Sovereign Cloud operational model, with day-to-day operations including access to data centres, technical support, and customer services provided by local personnel.

AWS Outposts is a fully managed service that extends AWS infrastructure, AWS services, APIs, and tools to on-premises and edge locations. With Outposts, customers will be able to run some AWS services locally and connect to a broad range of services available in the parent AWS European Sovereign Cloud Region. Outposts support workloads and devices requiring low latency access to on-premises systems, local data processing, data residency, and application migration with local system interdependencies.

Yes, security has always been our top priority. AWS has a proven track record of innovation to address specialised workloads around the world. To meet additional data residency, operational autonomy and resiliency needs in Europe, AWS is collaborating closely with European regulators and national cybersecurity agencies to build the AWS European Sovereign Cloud.

Across AWS, you’ll see that the same security isolations are employed as would be found in a traditional data centre. These include physical data centre security, separation of the network, isolation of the server hardware and isolation of storage.

We have a shared responsibility model with the customer; AWS manages and controls the components from the host operating system and virtualisation layer down to the physical security of the facilities in which the services operate, and AWS customers are responsible for building secure applications. We provide a wide variety of best practices documents, encryption tools and other guidance our customers can leverage in delivering application-level security measures. In addition, AWS partners offer hundreds of tools and features to help customers to meet their security objectives, ranging from network security, configuration management, access control and data encryption.

The AWS European Sovereign Cloud is secured by a dedicated European Security Operations Centre (SOC) that mirrors our global security practices. Security is foundational to digital sovereignty and AWS is architected to be the most secure global cloud infrastructure on which to build, migrate and manage applications and workloads. AWS has always been secure by design, defining industry-leading practices, technologies and controls that are deeply integrated across all layers, from the physical data centres to the network design and service architectures, ensuring robust security and data protection for customers’ applications and data. To bring these trusted solutions and operations to customers of the AWS European Sovereign Cloud, we will extend our security operations to the dedicated SOC. This SOC is supported by a dedicated security leader who is an EU citizen residing in the EU. The security leader is responsible for advising the managing director and supporting customers and regulators in Europe on security-related matters.

The AWS European Sovereign Cloud is designed to help customers meet their digital sovereignty requirements, including data residency within the EU, operational autonomy, and management by EU-based personnel. However, regulatory requirements can vary depending on your country, jurisdiction, industry or use case. While the AWS European Sovereign Cloud provides tools to support compliance, we recommend customers work closely with their compliance and security teams to ensure all applicable requirements are met for their particular situation.

As with all existing AWS Regions, the AWS European Sovereign Cloud will provide customers with control over the storage, transfer and encryption of their data to meet their data sovereignty needs. With AWS European Sovereign Cloud, AWS is going further and enabling customers to keep all the metadata they create (such as the roles, permissions, resource labels and configurations that they use to run AWS) in the EU. Because the AWS European Sovereign Cloud is an independent AWS Region, no customer-created metadata will leave the Region without customer permission. The AWS European Sovereign Cloud also has independent Identity and Access Management, billing and metering systems.

The AWS European Sovereign Cloud will maintain key certifications such as ISO/IEC 27001:2013, SOC 1/2/3 reports, and BSI C5 attestation, all validated regularly by independent auditors to assure our controls are designed appropriately, operate effectively and help customers satisfy their compliance obligations.

The AWS European Sovereign Cloud: Sovereign Reference Framework (ESC-SRF) is a reference framework developed by AWS which will be independently validated by a third-party auditor to verify that the AWS European Sovereign Cloud design and operations directly conform with our sovereignty commitments and controls. This reference framework aligns sovereignty criteria across multiple domains such as governance independence, operational control, data residency and technical isolation. Working backwards from our customers’ sovereign use cases, we aligned controls to each of the criteria and the AWS European Sovereign Cloud is undergoing an independent third-party audit to verify the design and operations of these controls conform to AWS sovereignty commitments. Customers and partners can also leverage the ESC-SRF as a foundation upon which they can build their own complementary sovereignty criteria and controls when using the AWS European Sovereign Cloud. To learn more, read our blog exploring the new AWS European Sovereign Cloud: Sovereign Reference Framework.

Yes, AWS commits to independent third-party audits and attestations of the AWS European Sovereign Cloud controls based on the ESC-SRF. Customers will have access to assurance reports via AWS Artifact, ensuring full traceability of control design and operating effectiveness.

Yes, to clearly explain how the AWS European Sovereign Cloud meets sovereignty expectations, the ESC-SRF is available to download from in AWS Artifact (login required) including the criteria and control mapping.

The ESC-SRF is industry and sector agnostic, as it’s written to address fundamental sovereignty needs and expectations at the foundational layer of our cloud offerings.

Yes, we are committed to earning customers’ trust with verifiable control over customer content access and increased transparency. We engaged NCC Group, a leading cybersecurity consulting firm to conduct an architecture review of our security claims of the AWS Nitro System and produce a public report. The report confirms that the AWS Nitro System, by design, has no mechanism for anyone at AWS to access your content on Nitro hosts. Find out more by reading our blog post.

The AWS European Sovereign Cloud provides customers with access to a wide range of Software as a Service (SaaS) and Independent Software Vendor (ISV) offerings through AWS Marketplace, a curated digital catalogue that makes it convenient to find, test, buy and deploy third-party software. These Partner solutions will span key categories including Data & Analytics, Observability & Process Management, Integration & DevOps, AI & Machine Learning and Security & Identity Management. Customers can find, subscribe to and manage solutions that are specifically designed to operate within EU boundaries while inheriting the robust security controls and operational independence of the AWS European Sovereign Cloud infrastructure, enabling customers to access Partner solutions while maintaining European sovereignty requirements. Find out more about the growing number of solutions in our Partner page.

Yes, AWS Digital Sovereignty Competency Partners specialise in addressing customers’ digital sovereignty requirements while leveraging AWS services and controls. These partners are a community of validated Partners with advanced AWS sovereignty experience, capabilities and services.

Yes, AWS and AWS Migration Competency Partners have helped thousands of organisations migrate to the cloud with a proven approach to help achieve business objectives faster. From assessing and planning, to executing the actual migration, AWS and AWS Partners have the most mature tools and resources to help ensure that you have success both during your migration and as you operate on the cloud.

Yes, to access the console for AWS Marketplace as a buyer or seller in the European Sovereign Cloud you will need an AWS European Sovereign Cloud account. The AWS European Sovereign Cloud has an independent billing system; existing AWS accounts may not be used with the AWS European Sovereign Cloud.